#accounttakeover — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #accounttakeover, aggregated by home.social.
-
One does not simply exfiltrate a reset token using an email array.
And yet, Frodo (Matei "Mal" Bădănoiu) and Samwise (Raul Bledea) from Pentest-Tools.com did exactly that in FuelCMS.
Know someone's email? That's enough. Slip your address alongside theirs in a “forgot password” request and the token lands in your inbox. Their account is yours. You shall not (safely) parse!🧙
Chain it with PTT-2025-026 and you're looking at a 9.8 Critical unauthenticated RCE. One array to rule them all! 💍
Full PoC here: https://pentest-tools.com/research
#offensivesecurity #vulnerabilityresearch #infosec #accounttakeover
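The bug class the post describes, as an added illustration (this is not FuelCMS code and not the Pentest-Tools.com PoC): a "forgot password" handler that accepts the `email` parameter as an array and mails the one reset token to every address in it, next to a hardened handler that insists on a single string and only ever mails the address stored on the account. The `USERS` store and `send_mail` recorder are constructed stand-ins.

```python
from __future__ import annotations
import secrets
from typing import Any

# Constructed user store (email -> account record); stands in for the CMS database.
USERS: dict[str, dict[str, Any]] = {
    "victim@example.com": {"id": 1, "reset_token": None},
}

# Constructed mailer: records (recipient, body) instead of sending anything.
SENT: list[tuple[str, str]] = []


def send_mail(to: str, body: str) -> None:
    SENT.append((to, body))


def vulnerable_forgot_password(params: dict[str, Any]) -> bool:
    """The weak pattern: 'email' may arrive as a list (email[]=a&email[]=b),
    the account is found via ANY element, and the token goes to ALL of them.
    Kept only to contrast with the hardened handler below."""
    emails = params.get("email")
    if isinstance(emails, str):
        emails = [emails]
    if not isinstance(emails, list):
        return False
    account = next((USERS[e] for e in emails if e in USERS), None)
    if account is None:
        return False
    token = secrets.token_urlsafe(32)
    account["reset_token"] = token
    for e in emails:                      # attacker-controlled extra address gets the token too
        send_mail(e, f"reset token: {token}")
    return True


def hardened_forgot_password(params: dict[str, Any]) -> bool:
    """Type-check the parameter, look the account up by that single value,
    and send the token only to the address on record for the account."""
    email = params.get("email")
    if not isinstance(email, str):        # arrays, objects, None: reject outright
        return False
    email = email.strip().lower()
    account = USERS.get(email)
    if account is not None:
        token = secrets.token_urlsafe(32)
        account["reset_token"] = token
        send_mail(email, f"reset token: {token}")   # stored address, never a request-supplied list
    # Same response whether or not the account exists, so the endpoint
    # cannot be used to enumerate registered addresses.
    return True
```

The type check is the whole fix: frameworks that parse `email[]` query syntax into arrays hand the handler a list where it expects a string, and any code path that iterates over that value instead of rejecting it leaks the token. Treat every identity-bearing parameter on an unauthenticated endpoint the same way.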
-
Account Takeover Scams Surge as FBI Reports Over $262 Million in Losses https://thecyberexpress.com/account-takeover-fraud-sees-sharp-spike/ #InternetCrimeComplaintCenter(IC3) #phishingdomainsandwebsites #AccountTakeover(ATO)fraud #MultifactorAuthentication #TheCyberExpressNews #socialengineering #phishingwebsites #AccountTakeover #BlackFridaySale #TheCyberExpress #FirewallDaily #SEOpoisoning #Governance #CyberNews #ATOFraud #FBI
-
Account Takeover: What Is It and How to Fight It https://hackread.com/account-takeover-what-is-it-how-to-fight-it/ #AccountTakeover #Cybersecurity #Security #ATO
-
When Strong Passwords Fail: Lessons from a Silent, Persistent Attack
1,038 words, 5 minutes read time.
As an IT professional, I pride myself on maintaining robust security practices. I use unique, complex passwords, enable two-factor authentication (2FA), and regularly monitor my accounts. Despite these precautions, I recently experienced a security breach that served as a stark reminder: even the most diligent efforts can fall short if certain vulnerabilities are overlooked.
The Unexpected Breach
I maintain a Microsoft 365 Developer account primarily for SharePoint development. This account isn’t part of my daily workflow; it’s used sporadically for testing and development purposes. To secure it, I employed a 36-character random password—a combination of letters, numbers, and symbols. This password was unique to the account and stored securely.
Despite these measures, I received a notification early one morning indicating a successful login attempt from an unfamiliar location. Fortunately, 2FA was enabled, and the unauthorized user couldn’t proceed without the second authentication factor. This incident prompted an immediate investigation into how such a breach could occur despite stringent password security.
The Silent Persistence of Attackers
Upon reviewing the account’s activity logs, I discovered a disturbing pattern: months of failed login attempts originating from various IP addresses. These attempts were methodical and spread out over time, likely to avoid triggering security alerts or lockouts. This tactic, known as a “low and slow” brute-force attack, is designed to fly under the radar of standard security monitoring systems.
Such persistent attacks underscore the importance of not only having strong passwords but also implementing additional security measures. According to the Cybersecurity and Infrastructure Security Agency (CISA), 2FA is essential to web security because it immediately neutralizes the risks associated with compromised passwords. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access: without approval at the second factor, a password alone is useless.
The Vulnerability of Dormant Accounts
One critical oversight on my part was the assumption that an infrequently used account posed less of a security risk. In reality, dormant accounts can be prime targets for attackers. These accounts often retain access privileges but are not actively monitored, making them susceptible to unauthorized access. As noted by security experts, dormant accounts often fly under the radar, making them perfect targets for threat actors. Since they aren’t actively monitored, cybercriminals can exploit them for weeks—or even months—before being detected.
This realization led me to reassess the security of all my accounts, especially those not regularly used. It’s imperative to treat every account with the same level of scrutiny and protection, regardless of its frequency of use.
Immediate Actions Taken
In response to the breach, I took several immediate steps to secure the compromised account and prevent future incidents:
First, I changed the account’s password to a new, equally complex and unique one. Recognizing that the email address associated with the account might have been targeted, I updated it to a more obscure variation, reducing the likelihood of automated credential stuffing attacks.
Next, I thoroughly reviewed the account’s security settings, ensuring that all recovery options were up-to-date and secure. I also examined the activity logs for any other suspicious behavior and reported the incident to Microsoft for further analysis.
Finally, I conducted a comprehensive audit of all my accounts, focusing on those that were dormant or infrequently used. I enabled 2FA on every account that supported it and closed any accounts that were no longer necessary.
Lessons Learned
This experience reinforced several critical lessons about cybersecurity:
Firstly, password strength alone is insufficient. While complex passwords are a fundamental aspect of security, they must be complemented by additional measures like 2FA. According to research, implementing 2FA can prevent up to 99.9% of account compromise attacks.
Secondly, dormant accounts are not inherently safe. Their inactivity can lead to complacency, making them attractive targets for attackers. Regular audits and monitoring of all accounts, regardless of usage frequency, are essential.
Thirdly, attackers are persistent and patient. The “low and slow” approach to brute-force attacks demonstrates a strategic method to bypass traditional security measures. Staying vigilant and proactive in monitoring account activity is crucial.
Strengthening Security Measures
In light of this incident, I have adopted several practices to enhance my cybersecurity posture:
I now regularly audit all my accounts, paying special attention to those that are dormant or infrequently used. I ensure that 2FA is enabled wherever possible and that all recovery options are secure and up-to-date.
Additionally, I have started using a reputable password manager to generate and store complex, unique passwords for each account. This tool simplifies the process of maintaining strong passwords without the need to remember each one individually.
Furthermore, I stay informed about the latest cybersecurity threats and best practices by subscribing to security newsletters and participating in professional forums. This continuous learning approach helps me adapt to the evolving threat landscape.
Conclusion
This incident served as a sobering reminder that no one is immune to cyber threats, regardless of their expertise or precautions. It highlighted the importance of a comprehensive security strategy that includes strong passwords, multi-factor authentication, regular account audits, and continuous education.
I encourage everyone to take a proactive approach to cybersecurity. Regularly review your accounts, enable 2FA, use a password manager, and stay informed about emerging threats. Remember, security is not a one-time setup but an ongoing process.
If you found this account insightful, consider subscribing to our newsletter for more cybersecurity tips and updates. Share your thoughts or experiences in the comments below—we can all learn from each other’s stories.
D. Bryan King
Sources
- CISA – Multi-Factor Authentication (MFA)
- arXiv – Understanding Multi-Factor Authentication Efficacy
- Microsoft – Why MFA Is a Must
- NCSC – Password Guidance: Simplifying Your Approach
- Tekie Geek – The Danger of Dormant Accounts
- OWASP – Authentication Cheat Sheet
- Bruce Schneier – Low and Slow Brute-Force Attacks
- Have I Been Pwned – Check if Your Email Was Compromised
- Australian Cyber Security Centre – Securing Your Accounts
- NIST – Updated Guidance on Digital Identity
- Kaspersky – Password Security Tips
- 1Password Blog – The Importance of MFA
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
#2FA #accountHacking #accountMonitoring #accountTakeover #bruteForceAttack #cloudAccountProtection #cloudSecurity #compromisedAccount #compromisedCredentials #compromisedMicrosoftAccount #credentialStuffing #credentialTheft #cyberattack #cybercrime #cybersecurity #cybersecurityAwareness #cybersecurityLessons #developerAccountSecurity #dormantAccounts #emailSecurity #hackerPrevention #howHackersBypassMFA #identityProtection #infosec #ITProfessionals #ITSecurity #ITSecurityIncident #loginSecurity #lowAndSlowAttack #MFA #MFAImportance #Microsoft365Security #MicrosoftLogin #passwordAloneNotEnough #passwordBreach #passwordEntropy #passwordHygiene #passwordManagement #PasswordSecurity #passwordVulnerability #persistentThreats #phishingProtection #randomHashPassword #realWorldBreach #realWorldCybersecurity #securePasswords #securingDormantAccounts #securityAudit #securityBestPractices #securityBreach #SharePointDeveloperAccount #SharePointSecurity #strongPasswords #techSecurityBreach #tokenHijacking #TwoFactorAuthentication
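The “low and slow” pattern the post describes is easy to miss with per-hour lockout counters alone. The following is an added example, not the author's tooling or any Microsoft 365 report: a small detector that reads constructed sign-in log lines, aggregates failures per account over a long window, and flags accounts where many failures from many IPs never crossed the lockout threshold inside any single lockout window. The log format and thresholds are assumptions.

```python
from __future__ import annotations
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in log (not from the author's tenant): one failed attempt
# every few days for one account, each from a different IP, then a success.
LOG = """\
2025-01-03T02:14:09Z FAIL user=dev@example.com ip=203.0.113.5
2025-01-07T23:41:52Z FAIL user=dev@example.com ip=198.51.100.17
2025-01-12T04:05:33Z FAIL user=dev@example.com ip=192.0.2.88
2025-01-19T01:52:10Z FAIL user=dev@example.com ip=203.0.113.91
2025-01-26T03:17:45Z FAIL user=dev@example.com ip=198.51.100.203
2025-02-02T02:48:01Z FAIL user=dev@example.com ip=192.0.2.14
2025-02-09T05:09:27Z FAIL user=dev@example.com ip=203.0.113.140
2025-02-15T00:30:58Z FAIL user=dev@example.com ip=198.51.100.66
2025-02-15T00:31:40Z OK   user=dev@example.com ip=198.51.100.66
2025-02-15T09:12:11Z FAIL user=alice@example.com ip=192.0.2.50
2025-02-15T09:12:30Z OK   user=alice@example.com ip=192.0.2.50
"""


def parse(lines: str) -> list[tuple[datetime, str, str, str]]:
    """Parse '<iso-ts> <FAIL|OK> user=<u> ip=<ip>' lines into tuples."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, status, user, ip = line.split()
        events.append((datetime.fromisoformat(ts.replace("Z", "+00:00")),
                       status, user.split("=", 1)[1], ip.split("=", 1)[1]))
    return events


def find_low_and_slow(events, window_days: int = 60, min_failures: int = 6,
                      min_ips: int = 4, lockout_threshold: int = 5,
                      lockout_window: timedelta = timedelta(hours=1)) -> dict:
    """Flag accounts with many failures from many IPs over a long window whose
    peak rate stayed below the lockout threshold in every lockout window."""
    fails: dict[str, list[tuple[datetime, str]]] = defaultdict(list)
    successes: dict[str, list[datetime]] = defaultdict(list)
    for ts, status, user, ip in events:
        (fails if status == "FAIL" else successes)[user].append((ts, ip) if status == "FAIL" else ts)

    flagged = {}
    for user, attempts in fails.items():
        attempts.sort()
        end = attempts[-1][0]
        recent = [(t, ip) for t, ip in attempts if end - t <= timedelta(days=window_days)]
        if len(recent) < min_failures:
            continue
        ips = {ip for _, ip in recent}
        if len(ips) < min_ips:
            continue
        # Sliding window: the most failures that ever fell inside one lockout window.
        peak, j = 0, 0
        for i, (t, _) in enumerate(recent):
            while t - recent[j][0] > lockout_window:
                j += 1
            peak = max(peak, i - j + 1)
        if peak >= lockout_threshold:
            continue                       # a plain brute force; the lockout rule already sees it
        flagged[user] = {
            "failures": len(recent),
            "distinct_ips": len(ips),
            "peak_per_window": peak,
            "followed_by_success": any(s > recent[-1][0] for s in successes.get(user, [])),
        }
    return flagged
```

Run over the sample, `dev@example.com` is flagged with eight failures from eight IPs and a peak of one per hour, followed by a success; `alice@example.com`, with a single mistyped password, is not. The `followed_by_success` field is the one to page on: it is the moment in the post where the password finally fell and only 2FA stood between the attacker and the account.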
-
Defending Against Account Takeovers
Account takeovers (ATOs) are among the most damaging cyberattacks, often leading to data breaches or financial loss. Crowdalert combines real-time monitoring with human verification to stop ATOs before they escalate, prompting users to verify suspicious actions.
Ready to protect your organization? https://crowdalert.com
#Crowdalert #Cybersecurity #AccountTakeover #ATO #SecOps #ThreatDetection
-
Gmail Users Beware Of AI Scam that Takeovers Your Gmail Account https://cybersecuritynews.com/gmail-ai-scam-call-account-takeover/ #CyberSecurityNews #AccountTakeover #GmailSecurity #Phishing #AIScam #SCAM
-
📬 Bots make up half of all internet traffic
#Cyberangriffe #Internet #KünstlicheIntelligenz #AccountTakeover #badbots #imperva #NanhiSingh #WebScrapingBot https://sc.tarnkappe.info/a86b90
-
"🚨 OAuth Vulnerabilities Exposed: Millions of Accounts at Risk! 🚨"
Recent research by Salt Labs has unveiled alarming vulnerabilities in the OAuth implementations of major online platforms, including Grammarly, Vidio, and Bukalapak. These oversights could have allowed attackers to take over millions of user accounts! 😱
OAuth, a widely adopted authorization protocol, is often perceived as secure. However, its implementation can be tricky. The research highlights the importance of verifying access tokens, a step often overlooked by developers. Without this verification, attackers can exploit tokens from one site to compromise user accounts on another.
For instance, Vidio, an online video streaming platform with 100M monthly users, and Bukalapak, a prominent eCommerce platform in Indonesia with 150M users, were found vulnerable to such attacks. Grammarly, the popular AI-powered writing tool, was also susceptible, potentially exposing users' private documents.
While these companies have since addressed the issues, the findings underscore the critical need for meticulous OAuth implementation and regular security audits. Always remember, it's not just about using secure protocols, but implementing them securely! 🔐
Source: Salt Labs Blog
Tags: #OAuth #Cybersecurity #Vulnerability #AccountTakeover #SaltLabs #Grammarly #Vidio #Bukalapak 🌐🔍🔓
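The verification step the post says is often skipped is checking that a presented access token was actually issued for your own application. As an added example (not Salt Labs' research code and not any of the named platforms' implementations), here is a claims check a resource server or login endpoint can run after the OAuth library has validated the token's signature or introspected it: issuer, audience, expiry and subject are all checked, and the local account is keyed on the stable `(iss, sub)` pair. Client ID, issuer and account store are constructed values.

```python
from __future__ import annotations
import time

# Constructed identifiers; not the real values of any platform named in the post.
OUR_CLIENT_ID = "client-id-of-our-app"
TRUSTED_ISSUER = "https://idp.example"

# Constructed account store keyed by (issuer, subject), the stable identity an
# OAuth/OIDC provider gives us. Keying on a mutable email alone invites confusion.
ACCOUNTS = {("https://idp.example", "user-1001"): "alice"}


class TokenRejected(Exception):
    pass


def verify_token_claims(claims: dict, now: float | None = None) -> tuple[str, str]:
    """Accept a token only if it is active, from the trusted issuer, issued for
    THIS client, and unexpired. `claims` is the decoded or introspected token
    (signature/introspection already handled by the OAuth library)."""
    now = time.time() if now is None else now
    if not claims.get("active", True):
        raise TokenRejected("token is inactive or revoked")
    iss = claims.get("iss")
    if iss != TRUSTED_ISSUER:
        raise TokenRejected(f"unexpected issuer {iss!r}")
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    # The check the research describes as missing: a token minted for some
    # other app must not log anyone in here, even though it is otherwise valid.
    if OUR_CLIENT_ID not in audiences:
        raise TokenRejected("token was not issued for this client")
    if float(claims.get("exp", 0)) <= now:
        raise TokenRejected("token expired")
    sub = claims.get("sub")
    if not sub:
        raise TokenRejected("missing subject")
    return iss, sub


def login_with_token(claims: dict, now: float | None = None) -> str | None:
    """Map a verified token to a local account name; None if nothing is linked."""
    return ACCOUNTS.get(verify_token_claims(claims, now))
```

A token that passes signature validation but carries another site's client ID in `aud` is rejected before any account lookup happens; that is the difference between "the token is genuine" and "the token is for us", and only the second one authorises a login.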
-
📬 sphero: Hacker Sanggiero steals data of 1 million users
#Cyberangriffe #ITSicherheit #Szene #AccountTakeover #BreachForums #GraphQLAPI #Hack #Sanggiero #sphero https://tarnkappe.info/artikel/szene/sphero-hacker-sanggiero-erbeutet-daten-von-1-million-nutzern-281603.html
-
@confluency
POTENTIAL #SECURITY THREAT: The above website, #phanpyDotSocial, is #CloudGlare and may be a #socialEngineering attack on #fediverse users to open them up to #accountTakeover. If the above website asks one to log in to one's #mastodon instance with their password, then it's a CloudGlare #phishing website/#honeypot.
We will not access on ethical grounds.
Tagging some boosters to warn them @njoseph @kkremitzki @michelin
#MITMAttack #MITMaaS #ClOudFlAre #fediverseAttack #cyberAttack
-
Happy #WorldPasswordDay!
I've cracked billions of #passwords from tens of thousands of #data #breaches in the past 12+ years, and because of this, I likely know at least one #password for 90% of people on the Internet. And I'm not alone! While I primarily crack breached passwords for research purposes and the thrill of the sport, others are selling your breached passwords to criminals who leverage them in #AccountTakeover and #CredentialStuffing attacks.
How can you keep your accounts safe?
- Use a #PasswordManager! I recommend @bitwarden and @1password
- Use a #Diceware style #passphrase - four or more words selected at random - for passwords you have to commit to memory, like your master password!
- Enable MFA for important online accounts, including cloud-based password managers!
- Harden your master password by tweaking your password manager's KDF settings! For #Bitwarden, use Argon2id with 64MB memory, 3 iterations, 4 parallelism. For #1Password and other PBKDF2 based password managers, set the iteration count to at least 600,000.
- Use unique, randomly generated passwords for all your accounts! Use your password manager to generate random 14-16 character passwords for everything. Modern password cracking is heavily optimized for human-generated passwords, because humans are highly predictable. Randomness defeats this and forces attackers to resort to incremental brute force! There's no trick you can do to make a secure, uncrackable password on your own - your meat glob will only betray you.
- Use an ad blocker like #uBlock Origin to keep you safe from password-stealing #malware and other browser based threats!
- Don't fall for #phishing attacks and other social engineering attacks! Browser-based password managers help defend against phishing attacks because they'll never autofill your passwords on fake login pages. Think before you click, and never give your passwords to anyone, not even if they offer you chocolate or weed.
- #Enterprises: require ad blockers, invest in an enterprise password management solution, audit password manager logs to ensure employees aren't sharing passwords outside the org, implement a Fine Grained Password Policy that requires a minimum of 20 characters to encourage the use of long passphrases, implement a password filter to block commonly used password patterns and compromised passwords, disable #NTLM authentication and disable RC4 for #Kerberos, disable legacy broadcast protocols like LLMNR and NBT-NS, require mandatory #SMB signing, use Group Managed Service Accounts instead of shared passwords, monitor public data breaches for employee credentials, and crack your own passwords to audit the effectiveness of your password policy and user training!
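The enterprise advice above asks for a password filter that enforces a 20-character minimum and blocks common patterns and compromised passwords. As an added example (not the author's tooling or any vendor's filter), here is the core of such a filter: length, organisation words, pattern rules, and a lookup against a compromised-password set stored as SHA-1 digests. The compromised set here is a constructed stand-in; a real deployment would load a breach corpus or use a k-anonymity range lookup against a breach service.

```python
from __future__ import annotations
import hashlib
import re

MIN_LENGTH = 20   # long enough that a passphrase is the natural choice

# Constructed compromised-password set, stored as upper-case SHA-1 hex so the
# plaintexts never sit in memory. A real filter loads millions of these.
COMPROMISED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("Summer2024!Summer2024!", "correct horse battery staple")
}

# Patterns people reach for once a length minimum is imposed.
PATTERNS = [
    (re.compile(r"(spring|summer|autumn|fall|winter)\s*20\d\d", re.I), "season plus year"),
    (re.compile(r"(.)\1{3,}"), "four or more repeated characters"),
    (re.compile(r"(?:0123|1234|2345|3456|4567|5678|6789|qwer|asdf|zxcv)", re.I), "keyboard or digit run"),
    (re.compile(r"(?:password|welcome|letmein|changeme)", re.I), "common base word"),
]


def check_password(candidate: str, org_words: tuple[str, ...] = ("acme",)) -> list[str]:
    """Return a list of policy violations; an empty list means the password is accepted."""
    problems: list[str] = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    lowered = candidate.lower()
    for word in org_words:
        if word.lower() in lowered:
            problems.append(f"contains organisation word {word!r}")
    for pattern, label in PATTERNS:
        if pattern.search(candidate):
            problems.append(f"matches blocked pattern: {label}")
    digest = hashlib.sha1(candidate.encode()).hexdigest().upper()
    if digest in COMPROMISED_SHA1:
        problems.append("found in compromised-password list")
    return problems


def is_acceptable(candidate: str, org_words: tuple[str, ...] = ("acme",)) -> bool:
    return not check_password(candidate, org_words)
```

A four-word random passphrase such as `turnip lantern quarry velvet 7` passes every rule, while `Summer2024!Summer2024!` clears the length bar yet fails on both the season-plus-year pattern and the compromised list, which is exactly the case a bare length minimum misses.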
-
HackerOne breach lets outside hacker read customers’ private bug reports
As a leading vulnerability reporting platform, HackerOn... more: https://arstechnica.com/?p=1627495 #accounttakeover #sessioncookies #databreach #hackerone #biz&it
-
#ActuLibre Two Arrested for Stealing $550,000 in Cryptocurrency Using Sim Swapping -> http://feedproxy.google.com/~r/TheHackersNews/~3/z67k8uQ5jAQ/hacking-with-sim-swapping.html #accounttakeover #cryptocurrency #cybersecurity #hackingnews #SIMswapscam #SIMSwapping #Simhacking